July 26, 2016 by Canadian Underwriter
The first five months of 2016 were dominated by malicious email campaigns of unprecedented volume, with new ransomware variants emerging quickly and actors “repeatedly [shifting] tactics with new loaders, document attachment types and obfuscation techniques to evade detection,” according to cybersecurity company Proofpoint, Inc.
Among email attacks that used malicious document attachments, 69% featured the new Locky ransomware in Q2, versus 24% in Q1. “That surge propelled Locky into the top spot for email-based malware, displacing Dridex,” the report said, adding that CryptXXX appeared on the scene in Q2 and quickly dominated the EK (exploit kit) landscape. Among the top 10 malicious emails observed in Q2, the Locky strain accounted for 41% of all payloads, nearly doubling its share in the top 10 email-based threats.
Overall, the number of new ransomware variants (most distributed by EKs) has grown by a factor of five to six since the fourth quarter of 2015. Researchers also observed multiple payloads being distributed in a single campaign, highly personalized large-scale attacks, rotating and geo-targeted lure documents, and a “crossover” campaign that attached malware to credential phishing. “In short, threat actors are using a wide variety of techniques to expand attack surfaces and capitalize on clicks in socially engineered attacks,” the report said.
Other findings of the report included: